Reporting

Automate: Execute a Splunk search and export the results to CSV on a Windows machine

kgudapati
Explorer

Hi Experts,
I'm a newbie to Splunk, and I am trying to find an automated way to execute a Splunk search and export the results in CSV format to my Windows 7 VM or a share drive. The aim is to load the data into SQL Server.

With the Splunk set-up that we have, we cannot use DB Connect. A few teams are using a Python script to execute and automate this process, but I am not a Linux or Python coder. Hence I am struggling to automate it.

Can anyone please help me with how to automate the process.

Thanks,
Krishna.


koshyk
Super Champion

Multiple approaches:
1. If you have access to the server, you can run the Splunk command-line search directly and put an outputcsv at the end of the search (or you can make the whole thing into a saved search if it is repetitive).
2. You can use curl if you want to access it remotely using the REST API. This is the best method if you want to interact programmatically and do external juggling.
3. You don't even need to trigger scripts; generate it within Splunk, e.g. schedule it as a report within Splunk and send/export it out as an alert/report etc. (Always remember Splunk is ultimately a mathematical engine and you can do anything that is possible using code.)

kgudapati
Explorer

Thank you for the instant response.

I am a SQL/BI person, hence challenged with coding. I did review the curl "Remotely using REST API" example. Couple of questions:

  1. Is the Python example a working model?
  2. How can the Python code be executed and scheduled on a Windows machine (sorry for being dumb here)?
  3. Is there a working model where I can plug in my Splunk search and magically get the output in CSV :)... I know it's too much to ask for.

Thanks in advance for the help.
Krishna.

0 Karma

koshyk
Super Champion

If you want to schedule it, why can't you schedule it within Splunk and export it outside (like option 3 I mentioned)?
You don't even need Python code to execute curl. You can install the curl utility on Windows and just run it at the "cmd" prompt. In Python, you have a curl utility (pycurl) which can do something similar. It is just a one-liner.

0 Karma
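The REST-API route from koshyk's approach 2 above, and the "just run curl" note in the follow-up, both boil down to the same three HTTP calls: create a search job, poll it until it is done, then fetch the results with output_mode=csv. The script below is an added example written for this thread, not code from any of the posters. It makes those three calls with only the Python standard library, so it runs with a plain python install and can be scheduled from Windows Task Scheduler. The management URL https://splunk.example.com:8089, the SPLUNK_TOKEN environment variable, and the FakeSplunk stand-in with its sample CSV are all assumptions and constructed data, not anything from the original post.

```python
"""Run a Splunk search through the REST API and save the results as CSV.
Added example for this thread, not any poster's code. Placeholders (assumed,
not from the post): management URL https://splunk.example.com:8089 and an
authentication token in the SPLUNK_TOKEN environment variable."""
import csv
import io
import json
import os
import sys
import time
import urllib.parse
import urllib.request


def https_transport(method, url, headers, body=None):
    """Send one request, return (status, body_bytes). Certificate checking
    stays on: if the management port uses an internal CA, point SSL_CERT_FILE
    at its bundle instead of disabling verification (curl's -k)."""
    req = urllib.request.Request(url, data=body, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=60) as resp:
        return resp.status, resp.read()


class SplunkCsvExport:
    # The same three calls a curl script makes: POST .../search/jobs,
    # GET .../search/jobs/<sid> until isDone, GET .../results?output_mode=csv.
    def __init__(self, base_url, token, transport=https_transport):
        self.base_url = base_url.rstrip("/")
        # A token (Settings > Tokens) keeps passwords out of the script.
        self.headers = {"Authorization": "Bearer " + token}
        self.transport = transport

    def _call(self, method, path, body=None):
        status, raw = self.transport(method, self.base_url + path, self.headers, body)
        if status not in (200, 201, 204):
            raise RuntimeError(f"{method} {path}: HTTP {status}")
        return status, raw

    def create_job(self, spl):
        # The API wants a command first; a bare "index=main ..." needs "search ".
        if not spl.lstrip().startswith(("search ", "|")):
            spl = "search " + spl
        form = {"search": spl, "exec_mode": "normal", "output_mode": "json"}
        body = urllib.parse.urlencode(form).encode()
        return json.loads(self._call("POST", "/services/search/jobs", body)[1])["sid"]

    def wait(self, sid, poll_seconds=2.0, timeout=600):
        """Poll the job until isDone; raise on FAILED state or timeout."""
        path = f"/services/search/jobs/{urllib.parse.quote(sid)}?output_mode=json"
        deadline = time.monotonic() + timeout
        while True:
            content = json.loads(self._call("GET", path)[1])["entry"][0]["content"]
            if content.get("dispatchState") == "FAILED":
                raise RuntimeError(f"search job {sid} failed")
            if content.get("isDone"):
                return content
            if time.monotonic() > deadline:
                raise TimeoutError(f"search job {sid} not done after {timeout}s")
            time.sleep(poll_seconds)

    def fetch_csv(self, sid):
        # count=0 returns every row; the default is one page of 100.
        path = f"/services/search/jobs/{urllib.parse.quote(sid)}/results?output_mode=csv&count=0"
        status, raw = self._call("GET", path)
        return "" if status == 204 else raw.decode("utf-8")  # 204: no results

    def export(self, spl, out_path=None, poll_seconds=2.0):
        """Run spl, write the CSV to out_path if given, return the parsed rows."""
        sid = self.create_job(spl)
        self.wait(sid, poll_seconds)
        text = self.fetch_csv(sid)
        if out_path:
            with open(out_path, "w", newline="", encoding="utf-8") as fh:
                fh.write(text)
        return list(csv.DictReader(io.StringIO(text)))


class FakeSplunk:
    """Constructed stand-in for the server so the client runs offline: 201 plus
    a sid on creation, RUNNING for a few polls, DONE, then the CSV body."""
    def __init__(self, csv_text, polls_before_done=1):
        self.csv_text, self.polls_left = csv_text, polls_before_done
        self.calls, self.posted_search = [], None

    def __call__(self, method, url, headers, body=None):
        self.calls.append((method, url))
        if not headers.get("Authorization", "").startswith("Bearer "):
            return 401, b"Unauthorized"
        if method == "POST" and url.endswith("/services/search/jobs"):
            self.posted_search = urllib.parse.parse_qs(body.decode())["search"][0]
            return 201, b'{"sid": "1700000000.123"}'
        if url.endswith("/results?output_mode=csv&count=0"):
            return 200, self.csv_text.encode()
        done = self.polls_left <= 0
        self.polls_left -= 1
        job = {"entry": [{"content": {"isDone": done, "dispatchState": "DONE" if done else "RUNNING"}}]}
        return 200, json.dumps(job).encode()


SAMPLE_CSV = "status,count\r\n200,1234\r\n404,56\r\n500,7\r\n"  # constructed sample

if __name__ == "__main__":
    token = os.environ.get("SPLUNK_TOKEN") or sys.exit("set SPLUNK_TOKEN first")
    client = SplunkCsvExport("https://splunk.example.com:8089", token)
    rows = client.export(sys.argv[1], sys.argv[2])
    print(f"wrote {len(rows)} rows to {sys.argv[2]}")
```

Run it as python splunk_export.py "index=main | stats count by status" C:\exports\out.csv, then hand the file to SQL Server's bulk import. To schedule it on Windows without any Splunk-side saved search, a Task Scheduler entry such as schtasks /Create /SC DAILY /ST 02:00 /TN SplunkExport /TR "python C:\scripts\splunk_export.py ..." does the job; store the token in the task's environment or a protected file rather than in the command line, which is visible to anyone who can list tasks. Two caveats: this creates an ad-hoc search job, so it does not need rights to save or schedule searches, but it does need the search capability and network access to the management port (8089 by default), which is often firewalled from user workstations, so confirm both with the Splunk admins. The curl equivalent is the same sequence of calls with the Authorization header and -d "search=..." form data, and the same warning applies: do not reach for -k to silence certificate errors, since that lets anyone on the path read the token.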

ddrillic
Ultra Champion

Hi Krishna,

A similar question: how to export search result to my local directories in csv

It says:

[screenshot from the linked answer; image not reproduced]

0 Karma

kgudapati
Explorer

Thank you for the direction. I did try this option. However, it looks like we do not have access to save or schedule searches 😞.

0 Karma